PawFriends Theme Allows Hackers to Access Local Files

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

PawFriends Theme Allows Hackers to Access Local Files

CVE-2026-22381

Summary

An issue in the PawFriends theme for WordPress allows attackers to access files on your website. This could let hackers steal sensitive information or cause other security problems. Update the theme to a fixed version to prevent this.

Original title

Original description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows PHP Local File Inclusion.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3.

nvd CVSS3.1 8.1

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/pawfriends/vulnerability/wordpre...

Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026